Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Finding API Address (https://forum.exetools.com/showthread.php?t=10179)

britedream 09-21-2006 12:16
Finding API Address
 
1 Attachment(s)
Hi,
For finding an api address in the context of dlls loaded with target in ollydbg.
this ollyplugin is for helping newcommer only, of course , from a lousy coder as well, so I felt it isnot good enough to be posted in release forum,but to share it , I am posting it here , hoping some newbie may find it usefull.(not tested but on xp1)

Regards.
Update:
I added one more checkbox, please note ,in the movie isn't clear, but you have to double clik on the list to have item in the name field.
update2:
small bug fixed.
update3:22/9/2006
tiny cosmetic
update4: 24/9/2006
Add checkbox to break on return

update5: 28/9/2006
more function added

update 6: 30/9/2006
stepped on some bugs

update7: 4/10/2006

Franeppe 09-25-2006 05:08
The movie in exe mode isn't very intelligible in 1024x768 resolution.

Human 09-25-2006 18:05
well seems a nice idea but you can do ctrl+G and write apiname to go to.
but such functionality should be expanded to commandbar like it has softice when you write bpx and press tab it will list all functions starting with string, but there it is also case sensitive

britedream 09-28-2006 22:19
Updated
 
Please test.(there is small bug ,I will fix later)

The Rapishare link is also updated.
Regard
BD.

britedream 09-30-2006 22:24
Updated
 
Stepped on few bugs, it should work fine now.

here is the Rapid link:Updated on 4/10/2006

http://rapidshare.de/files/35462214/FindAddress.rar.html


Brief explaination:
there are 5 checkboxes,accept first and last,if checked will provide information, always double click on the left big box to have it send to where it should be,or to get breakpoint removed . The first checkbox is for partial search for an api. Last checkbox is to set a breakpoint on return.
You can also get the correct api name and address by entering in the address field any address withen an api address space.

File in The first post is also updated on 4/10/2006.

Regards.
BD.

britedream 10-05-2006 21:28
updated
 
I have updated the file ,due to ollydbg having some problems , giving incorrect result. That is only apply to setting breakpoint on return in some applications., so I added a check to inform user that setting breakpoint either cann't be detemined or doubtful so he can set it manually if he wish.

Regards.
BD.


All times are GMT +8. The time now is 14:40.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX